<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
Said it was enough to understand. :)<br>
<br>
I strictly recommend to start from here:<br>
<br>
<a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Public_key_infrastructure">http://en.wikipedia.org/wiki/Public_key_infrastructure</a><br>
<br>
<br>
22.04.15 13:30, snakeeyes пишет:<br>
<span style="white-space: pre;">> Hmmm , cant u provide more
info??<br>
><br>
> I followed wiki <br>
><br>
>
<a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate">http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate</a><br>
><br>
> <br>
><br>
> but im still confused with certificates , if possible and
don’t mind , could u tell me brief steps ?<br>
><br>
> <br>
><br>
> thanks a lot for ur kind help<br>
><br>
> <br>
><br>
> regards<br>
><br>
> <br>
><br>
> From: squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>] On Behalf Of
Yuri Voinov<br>
> Sent: Tuesday, April 21, 2015 11:19 AM<br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> Subject: Re: [squid-users] problem in squid certificate
installtion<br>
><br>
> <br>
><br>
><br>
> Self-signed certificate is not suitable for use in a reverse
proxy.<br>
><br>
> 22.04.15 9:17, snakeeyes пишет:<br>
> > Hi<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > I need to setup squid proxy as reverse proxy with
https<br>
><br>
> enabled<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > I tried the bash script below and it run ok :<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > ###########################<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > OPENSSL=/usr/bin/openssl<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > SSLDIR=/etc/mydlp/ssl<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > mkdir -p $SSLDIR || exit 1<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > rm -rf $SSLDIR/*<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096
><br>
><br>
> $SSLDIR/private.pem<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > [ -e $SSLDIR/public.pem ] || (echo -e<br>
><br>
><br>
><br>
><br>
><br>
>
<a class="moz-txt-link-rfc2396E" href="mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n"><mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n></a>
<a class="moz-txt-link-rfc2396E" href="mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n">"TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n"</a>|<br>
><br>
> $OPENSSL<br>
><br>
><br>
><br>
> > req -new -x509 -days 3650 -key $SSLDIR/private.pem
-out<br>
><br>
> $SSLDIR/public.pem)<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in<br>
><br>
> $SSLDIR/public.pem -outform DER<br>
><br>
><br>
><br>
> > -out $SSLDIR/user.der<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > ######################################<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > ls -l /etc/mydlp/ssl<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > total 12<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > -rw-r--r-- 1 root root 3243 Apr 21 08:26
private.pem<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > -rw-r--r-- 1 root root 2090 Apr 21 08:26
public.pem<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > ######################################<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Added to squid.conf :<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > https_port 443 key=/etc/mydlp/ssl/private.pem<br>
><br>
> cert=/etc/mydlp/ssl/public.pem<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > And when I start squid ,<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > FATAL: No valid signing SSL certificate configured
for<br>
><br>
> HTTPS_port [::]:443<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Squid Cache (Version 3.5.1): Terminated
abnormally.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > CPU Usage: 10.189 seconds = 10.133 user + 0.056
sys<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Maximum Resident Size: 271264 KB<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Page faults with physical i/o: 44<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Hope to help<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > regards<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > _______________________________________________<br>
><br>
><br>
><br>
> > squid-users mailing list<br>
><br>
><br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
><br>
><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJVNsJ5AAoJENNXIZxhPexGE7IH/3JpGhiwEg2puuCiCxOu81re
<br>
GcldpwyP3rdJ5TRF/IxFV1K++a+lNDvppVORQwLCpFX6uY3XeBh2Lsn4lsenpV7n
<br>
dGBIcKm4eP34ko8EAyjFjKcpoyF9ocl6ygX7XlVgqEE6PYZZG+GJOz2DOPe2u3kg
<br>
RWPQjFLHY0DLKgFTj9h3/uLb+6D+opTYH+5dN3vkuf0jAAuQuGaCz9F5wbnxu8Q9
<br>
G2zvWqmRbye2hd3ukHbPY0wRyjHZCiFMBF5Q69ciJJzOqDjPd5+0tkg+o+9AcznL
<br>
1Q4gZQADMdf3RcDZ42HhINxoqSeiBiRw8SP67/XATb38giwc1/pppVbgMHGBPOc=
<br>
=tltw
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>